Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Programme to generate and validate licenses

Options
  • 18-08-2008 4:57am
    #1
    redhat_newbie
    Closed Accounts Posts: 140 ✭✭


    Hello All,

    Looking for some software solution open source or commercial one for license generation , validation and management.

    Goal: Is to build a license generator/validator (C programming), the license should used MAC ID and Expiration date as the keys. If the date is put back/forth then the software should be locked.

    I do not have much knowledge in license management. Anybody who has done research or have much hands on experience in this area please point me to the right direction. One more thing I have some experience with management of flexlm licenses, but its a pain.

    please read this:
    excerpt from this link: http://bytes.com/forum/thread462742.html
    Example License Format:
    [Application Name]
    [Version]
    [Application Specific Features or Information]
    [LicenseType (perm/demo)]
    [exp. date if demo]
    [encrypted license key of HD+MAC address]
    [encrypted CRC value of entire license key]

    Example License Key:
    SomeApp
    1.2.0.0
    EditorFeature|DesignerFeature|QueryFeature|ServerF eature=215.128.56.12
    PERM
    00/00/0000
    ab86af7e890da8ab78c98ea9bd8ffa7e
    1e67a01f3bc1

    Thank you


Comments

  • Options
    #2
    DublinWriter
    Registered Users Posts: 9,557 ✭✭✭DublinWriter


    The following is a commercial solution used by a lot of vendors, and it ain't cheap AFAIK:

    http://www.x-formation.com/lm-x_license_manager/index.html


  • Options
    #3
    redhat_newbie
    Closed Accounts Posts: 140 ✭✭redhat_newbie


    Thanks Dublinwriter. Much helpful. I understand the importance of open source, but still one needs to sell software. I wonder why software license generator, validator and managers is of no interest to open source developers. I do not see any open source projects in this regard.


  • Options
    #4
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    there is a tutorial on codeproject called Product Keys Based on Elliptic Curve Cryptography

    i'm not sure its what you want..some people i know use ECC routines from opensource cryptography libraries like openssl.

    they generate a key pair, private/public.

    generate a hash (MD5/SHA-1) based on some text, like a persons name.
    sign this hash with the private key, encode with base64, place in a "license file" and given to the user.

    the distributed program will have the public key which when verifying the users signed hash will know if its valid license key.

    the only way for somebody else to generate valid license key is to derive the private key from public..which is known to be very difficult, depending on the key size, other factors.

    more complex schemes encrypt the entire program using a symmetric key that can only be decrypted by the individuals public key placed on a smart card, plugged into USB reader.


  • Options
    #5
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    after reading that tutorial again, it might not be what you need..i was talking about signature verification like ECDSA
    For Alice to sign a message m, she follows these steps:
    • Calculate e = HASH(m), where HASH is a cryptographic hash function, such as SHA-1.
    • Select a random integer k from [1,n − 1].
    • Calculate r = x1(mod n), where (x1,y1) = kG. If r = 0, go back to step 2.
    • Calculate s = k − 1(e + rdA)(mod n). If s = 0, go back to step 2.
    • The signature is the pair (r,s).
    For Bob to authenticate Alice's signature, he must have a copy of her public key QA. He follows these steps:
    • Verify that r and s are integers in [1,n − 1]. If not, the signature is invalid.
    • Calculate e = HASH(m), where HASH is the same function used in the signature generation.
    • Calculate w = s − 1(mod n).
    • Calculate u1 = ew(mod n) and u2 = rw(mod n).
    • Calculate (x1,y1) = u1G + u2QA.
    • The signature is valid if r = x1(mod n), invalid otherwise
    .

    i found 1 library after quick search here but of course many exist.
    openssl have examples here

    its not as difficult as you'd think using the library, since there are only a few functions needed.
    generate key pair/ hash+sign data / verify...thats about it, all the hard work is done in the background.


  • Options
    #6
    redhat_newbie
    Closed Accounts Posts: 140 ✭✭redhat_newbie


    Thanks very much Average Joe. Nice description and info about the internals and the algorithm. Will work on it and keep everyone posted.

    Goal : Is to build a license management system ( generate, validate, lock and tracking).

    Cheers


  • Advertisement
  • Options
    #7
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    no problem.
    just wanted to post couple of other links for anyone searching code in future.

    Simple ECDSA is example code in C

    ECC-LIB is another.

    something old..but possibly still very useful is pegwit

    and just for anyone who might want to generate small keys using small library in 32-bit assembly, there is ECDSA-128


Advertisement